Unfortunately I don't know the story behind Ms. Irwin's famous OpSec necklace (so famous people have been known to recognize her by it, ironically enough), but I imagine one could assemble something similar out of one of the many sets of alphabetic necklace charms available for purchase online.

And if you don't know what OpSec means, now's as good a time as any to learn.

Sunday, November 22, 2015

What some of you may not realize (since I've never explicitly pointed this out before) is that I actually go to some effort to attribute the found content that goes into this site. I may not find the true origin of a work, but I at least specify where I found something or whose tweet I saw that something in. Those with a keen eye may have even noticed a pattern wherein the morning posts are 100% found content and the afternoon posts are ones where I have had at least some part in the production (even if I'm simply adding a funny caption to an existing image, which is itself linked to in some way).

When it comes to people reposting my own original work, I'm not terribly concerned with attribution. After all, what's important is that the ideas those works engender spreads far and wide and I don't want to be an impediment to that in any way. The point of the Security Memetics project has always been to take advantage of memes to facilitate the decentralized distribution of information in order to spread security awareness more effectively. I want things to spread from one person to another and properly attributing those works is baggage that can hinder that effort.

That being said, I'm not a terribly big fan of people reposting my original works and then either taking or accepting credit for them. The very least they can do is acknowledge that they simply found the work in question. Maybe it seems strange to abdicate credit in one scenario and then complain about in another, but the fact is that as much as I believe in this project, I also recognize that I'm not very good at it. I'm really not very good at any part of it, whether it's producing content that continues to spread on its own, finding and amplifying the signal of other content producers, eliciting contributions from others, or even raising awareness of the existence of the (created or curated) content here. I suck at this, but someone has to see this idea through.

Whether it's ego or selfishness or something else, some human part of me wants those successes to remain my own rather than be claimed either actively or passively by someone else. What will I do about it when it happens? Probably not much. It's not my way to stamp my feet and demand acknowledgement. However, armed with the self-realization that it's important to me, what I can do is work even harder to attribute the content that goes into this site for the benefit of other creators, because... I know that feel, bro.

Thursday, November 19, 2015

Since technology can't read, much less authenticate search warrants, technology that can be unlocked with a search warrant must invariably also be able to be unlocked fraudulently by those without search warrants.

Thanks to George Dinwiddie for tweeting this cartoon that seems to depict a shady character offering to either sell people their forgotten passwords or otherwise get them back into their inaccessible accounts.

Tuesday, November 17, 2015

In this day and age you can't not use encryption, and I don't mean you shouldn't, I mean you can't avoid it because it's all over the place. If you bank online, if you use virtually any email provider, if you log into Facebook or Google, etc. They all use encryption, and they do it because it makes us all safer. Taking away all of our safety in order to go after terrorists is essentially throwing out the baby with the bathwater.

Monday, November 16, 2015

The essence of a smart device is that it is a device that has had some sort of computer added to it so that it can make decisions based on available data in order to behave more intelligently. Every one of those decisions can be gamed by an intelligent adversary.

If a hiding spot doesn't work, "try harder" is not the solution. Once a hiding spot has been figured out, it turns into one of the first places your adversary will look. You need to find a different spot.

Sometimes a funny picture is just a funny picture, but other times there's a story behind it and this time the story is about Buck the coyote stomping donkey who, after apparently stomping this coyote to the point it couldn't fight back, picked the coyote up by the neck and started whipping it around (presumably to finish it off, assuming it wasn't already dead). Apparently donkeys (not just Buck) are good at defending other farm animals from predators.

Do you really expect children (whether they're trapped inside adult bodies or otherwise) to use tokens or biometrics? No, of course you don't. For that, at least, passwords will be with us for a long time (even if our more emotionally mature partners are not).

It would be great if we could get this to work against all our adversaries, but I'm not sure it would always work. In cybercrime, for example, there's an awful lot of collaboration which may impede getting the criminals to see each other as competition.

A dog's owner is their master, a voice of authority they follow obediently. At least that's how it's supposed to work in an ideal world. When that voice of authority is subject to an even higher authority (like the police) it kind of makes sense that a dog would follow their owner's lead.

Wednesday, November 4, 2015

I suspect this was installed by someone who didn't understand how keys work (hard to believe anyone could be that stupid, I know). It's kind of hard to bend keys without breaking them, though I suspect lock picks (especially ad hoc ones) are much easier to bend, so besides making it hard to lock this door it also creates an incentive to learn the skills necessary to bypass locks. Somehow I doubt this was what the people responsible were aiming for.

Finally, camouflage that isn't just blobs of green and brown colouring. I could definitely see this being mistaken for a truck from a distance. Especially if they did a better job of covering up some of those extra wheels.

Tuesday, November 3, 2015

Apparently this is called "Spike Away", though "Grope Shield" might be a more descriptive name. I won't lie, it kinda makes me sad that something like this is even needed, but my hat is off to the creator of this apparent shindogu.

Monday, November 2, 2015

True story, this actually happened last Friday. Unfortunately this wasn't before she gave them remote access to her system with TeamViewer (so I still have to rebuild the system). Still, the fact that she didn't give them administrative access and scared them away this way when they asked if there was anyone else who could give them the access they were looking for is a victory and I'll take it.